update specs and client
This commit is contained in:
parent
3cb4a4c8d1
commit
f91e329efc
10
Makefile
10
Makefile
|
@ -157,15 +157,15 @@ endif
|
|||
$(info )
|
||||
|
||||
|
||||
# To update cti_openapi.yaml:
|
||||
# curl https://crowdsecurity.github.io/cti-api/v2/swagger.yaml | npx swagger2openapi -o cti_openapi.yaml /dev/stdin
|
||||
# To update openapi.yaml:
|
||||
# curl https://crowdsecurity.github.io/cti-api/v2/swagger.yaml > ./pkg/cti/openapi.yaml
|
||||
|
||||
.PHONY: gen-cti
|
||||
gen-cti: ## Generate CTI client code from the specs
|
||||
@which oapi-codegen > /dev/null 2>&1 || (echo "oapi-codegen is not installed. You can install it with 'go install github.com/deepmap/oapi-codegen/v2/cmd/oapi-codegen@latest'" && exit 1)
|
||||
@echo "Generating Go client from Swagger spec..."
|
||||
oapi-codegen -package cti -generate client -o ./pkg/cti/client.go ./pkg/cti/cti_openapi.yaml
|
||||
oapi-codegen -package cti -generate types -o ./pkg/cti/types.go ./pkg/cti/cti_openapi.yaml
|
||||
@echo "Generating Go client from OpenAPI spec..."
|
||||
oapi-codegen -package cti -generate client -o ./pkg/cti/client.go ./pkg/cti/openapi.yaml
|
||||
oapi-codegen -package cti -generate types -o ./pkg/cti/types.go ./pkg/cti/openapi.yaml
|
||||
@echo "Client generation complete."
|
||||
|
||||
.PHONY: all
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"os"
|
||||
|
||||
"github.com/fatih/color"
|
||||
|
@ -8,6 +9,10 @@ import (
|
|||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrorNoAPIKey = errors.New("CTI_API_KEY is not set")
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
API struct {
|
||||
CTI struct {
|
||||
|
|
|
@ -43,14 +43,34 @@ func (cli *cliSmokeIP) smokeip(ip string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
if resp.JSON200 != nil {
|
||||
out, err := json.MarshalIndent(resp.JSON200, "", " ")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Println(string(out))
|
||||
switch {
|
||||
case resp.JSON404 != nil:
|
||||
return fmt.Errorf("ip not found")
|
||||
case resp.JSON403 != nil:
|
||||
return fmt.Errorf("forbidden")
|
||||
case resp.JSON500 != nil:
|
||||
return fmt.Errorf("internal server error")
|
||||
case resp.JSON429 != nil:
|
||||
return fmt.Errorf("too many requests")
|
||||
case resp.JSON400 != nil:
|
||||
return fmt.Errorf("bad request")
|
||||
case resp.JSON200 == nil:
|
||||
return fmt.Errorf("unexpected error %d", resp.StatusCode())
|
||||
}
|
||||
|
||||
ctiObj := resp.JSON200
|
||||
|
||||
var out []byte
|
||||
|
||||
// re-encode (todo: yaml, human)
|
||||
|
||||
out, err = json.MarshalIndent(ctiObj, "", " ")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
fmt.Println(string(out))
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -172,6 +172,22 @@ func NewGetFireRequest(server string, params *GetFireParams) (*http.Request, err
|
|||
|
||||
}
|
||||
|
||||
if params.Limit != nil {
|
||||
|
||||
if queryFrag, err := runtime.StyleParamWithLocation("form", true, "limit", runtime.ParamLocationQuery, *params.Limit); err != nil {
|
||||
return nil, err
|
||||
} else if parsed, err := url.ParseQuery(queryFrag); err != nil {
|
||||
return nil, err
|
||||
} else {
|
||||
for k, v := range parsed {
|
||||
for _, v2 := range v {
|
||||
queryValues.Add(k, v2)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if params.Since != nil {
|
||||
|
||||
if queryFrag, err := runtime.StyleParamWithLocation("form", true, "since", runtime.ParamLocationQuery, *params.Since); err != nil {
|
||||
|
|
|
@ -1,820 +0,0 @@
|
|||
---
|
||||
swagger: "2.0"
|
||||
info:
|
||||
description: "API to manage machines using [crowdsec](https://github.com/crowdsecurity/crowdsec)\
|
||||
\ and bouncers.\n"
|
||||
version: "2023-01-04T11:16:39Z"
|
||||
title: "prod-capi-v2"
|
||||
contact:
|
||||
name: "Crowdsec team"
|
||||
url: "https://github.com/crowdsecurity/crowdsec"
|
||||
email: "support@crowdsec.net"
|
||||
host: "api.crowdsec.net"
|
||||
basePath: "/v2"
|
||||
tags:
|
||||
- name: "watchers"
|
||||
description: "Operations about watchers: crowdsec & cscli"
|
||||
- name: "bouncers"
|
||||
description: "Operations about decisions : bans, captcha, rate-limit etc."
|
||||
schemes:
|
||||
- "https"
|
||||
paths:
|
||||
/decisions/delete:
|
||||
post:
|
||||
tags:
|
||||
- "watchers"
|
||||
summary: "delete decisions"
|
||||
description: "delete provided decisions"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "DecisionsDeleteRequest"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/DecisionsDeleteRequest"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
schema:
|
||||
$ref: "#/definitions/SuccessResponse"
|
||||
"500":
|
||||
description: "500 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
security:
|
||||
- UserPoolAuthorizer: []
|
||||
/decisions/stream:
|
||||
get:
|
||||
tags:
|
||||
- "bouncers"
|
||||
- "watchers"
|
||||
summary: "returns list of top decisions"
|
||||
description: "returns list of top decisions to add or delete"
|
||||
produces:
|
||||
- "application/json"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
schema:
|
||||
$ref: "#/definitions/GetDecisionsStreamResponse"
|
||||
"400":
|
||||
description: "400 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"500":
|
||||
description: "500 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"404":
|
||||
description: "404 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
security:
|
||||
- UserPoolAuthorizer: []
|
||||
options:
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
headers:
|
||||
Access-Control-Allow-Origin:
|
||||
type: "string"
|
||||
Access-Control-Allow-Methods:
|
||||
type: "string"
|
||||
Access-Control-Allow-Headers:
|
||||
type: "string"
|
||||
/decisions/sync:
|
||||
post:
|
||||
tags:
|
||||
- "watchers"
|
||||
summary: "sync decisions"
|
||||
description: "sync provided decisions"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "DecisionsSyncRequest"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/DecisionsSyncRequest"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
schema:
|
||||
$ref: "#/definitions/SuccessResponse"
|
||||
"500":
|
||||
description: "500 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
security:
|
||||
- UserPoolAuthorizer: []
|
||||
/metrics:
|
||||
post:
|
||||
tags:
|
||||
- "watchers"
|
||||
summary: "receive metrics about enrolled machines and bouncers in APIL"
|
||||
description: "receive metrics about enrolled machines and bouncers in APIL"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "MetricsRequest"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/MetricsRequest"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
schema:
|
||||
$ref: "#/definitions/SuccessResponse"
|
||||
"400":
|
||||
description: "400 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"500":
|
||||
description: "500 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
security:
|
||||
- UserPoolAuthorizer: []
|
||||
/signals:
|
||||
post:
|
||||
tags:
|
||||
- "watchers"
|
||||
summary: "Push signals"
|
||||
description: "to push signals"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "AddSignalsRequest"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/AddSignalsRequest"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
schema:
|
||||
$ref: "#/definitions/SuccessResponse"
|
||||
"400":
|
||||
description: "400 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"500":
|
||||
description: "500 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
security:
|
||||
- UserPoolAuthorizer: []
|
||||
/watchers:
|
||||
post:
|
||||
tags:
|
||||
- "watchers"
|
||||
summary: "Register watcher"
|
||||
description: "Register a watcher"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "RegisterRequest"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/RegisterRequest"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
schema:
|
||||
$ref: "#/definitions/SuccessResponse"
|
||||
"400":
|
||||
description: "400 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"500":
|
||||
description: "500 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
/watchers/enroll:
|
||||
post:
|
||||
tags:
|
||||
- "watchers"
|
||||
summary: "watcher enrollment"
|
||||
description: "watcher enrollment : enroll watcher to crowdsec backoffice account"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "EnrollRequest"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/EnrollRequest"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
schema:
|
||||
$ref: "#/definitions/SuccessResponse"
|
||||
"400":
|
||||
description: "400 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"500":
|
||||
description: "500 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"403":
|
||||
description: "403 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
security:
|
||||
- UserPoolAuthorizer: []
|
||||
/watchers/login:
|
||||
post:
|
||||
tags:
|
||||
- "watchers"
|
||||
summary: "watcher login"
|
||||
description: "Sign-in to get a valid token"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "LoginRequest"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/LoginRequest"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
schema:
|
||||
$ref: "#/definitions/LoginResponse"
|
||||
"400":
|
||||
description: "400 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"500":
|
||||
description: "500 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"403":
|
||||
description: "403 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
/watchers/reset:
|
||||
post:
|
||||
tags:
|
||||
- "watchers"
|
||||
summary: "Reset Password"
|
||||
description: "to reset a watcher password"
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
parameters:
|
||||
- in: "body"
|
||||
name: "ResetPasswordRequest"
|
||||
required: true
|
||||
schema:
|
||||
$ref: "#/definitions/ResetPasswordRequest"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
schema:
|
||||
$ref: "#/definitions/SuccessResponse"
|
||||
headers:
|
||||
Content-type:
|
||||
type: "string"
|
||||
Access-Control-Allow-Origin:
|
||||
type: "string"
|
||||
"400":
|
||||
description: "400 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"500":
|
||||
description: "500 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
headers:
|
||||
Content-type:
|
||||
type: "string"
|
||||
Access-Control-Allow-Origin:
|
||||
type: "string"
|
||||
"403":
|
||||
description: "403 response"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
"404":
|
||||
description: "404 response"
|
||||
headers:
|
||||
Content-type:
|
||||
type: "string"
|
||||
Access-Control-Allow-Origin:
|
||||
type: "string"
|
||||
options:
|
||||
consumes:
|
||||
- "application/json"
|
||||
produces:
|
||||
- "application/json"
|
||||
responses:
|
||||
"200":
|
||||
description: "200 response"
|
||||
headers:
|
||||
Access-Control-Allow-Origin:
|
||||
type: "string"
|
||||
Access-Control-Allow-Methods:
|
||||
type: "string"
|
||||
Access-Control-Allow-Headers:
|
||||
type: "string"
|
||||
securityDefinitions:
|
||||
UserPoolAuthorizer:
|
||||
type: "apiKey"
|
||||
name: "Authorization"
|
||||
in: "header"
|
||||
x-amazon-apigateway-authtype: "cognito_user_pools"
|
||||
definitions:
|
||||
DecisionsDeleteRequest:
|
||||
title: "delete decisions"
|
||||
type: "array"
|
||||
description: "delete decision model"
|
||||
items:
|
||||
$ref: "#/definitions/DecisionsDeleteRequestItem"
|
||||
DecisionsSyncRequestItem:
|
||||
type: "object"
|
||||
required:
|
||||
- "message"
|
||||
- "scenario"
|
||||
- "scenario_hash"
|
||||
- "scenario_version"
|
||||
- "source"
|
||||
- "start_at"
|
||||
- "stop_at"
|
||||
properties:
|
||||
scenario_trust:
|
||||
type: "string"
|
||||
scenario_hash:
|
||||
type: "string"
|
||||
scenario:
|
||||
type: "string"
|
||||
alert_id:
|
||||
type: "integer"
|
||||
created_at:
|
||||
type: "string"
|
||||
machine_id:
|
||||
type: "string"
|
||||
decisions:
|
||||
$ref: "#/definitions/DecisionsSyncRequestItemDecisions"
|
||||
source:
|
||||
$ref: "#/definitions/DecisionsSyncRequestItemSource"
|
||||
scenario_version:
|
||||
type: "string"
|
||||
message:
|
||||
type: "string"
|
||||
description: "a human readable message"
|
||||
start_at:
|
||||
type: "string"
|
||||
stop_at:
|
||||
type: "string"
|
||||
title: "Signal"
|
||||
AddSignalsRequestItem:
|
||||
type: "object"
|
||||
required:
|
||||
- "message"
|
||||
- "scenario"
|
||||
- "scenario_hash"
|
||||
- "scenario_version"
|
||||
- "source"
|
||||
- "start_at"
|
||||
- "stop_at"
|
||||
properties:
|
||||
created_at:
|
||||
type: "string"
|
||||
machine_id:
|
||||
type: "string"
|
||||
source:
|
||||
$ref: "#/definitions/AddSignalsRequestItemSource"
|
||||
scenario_version:
|
||||
type: "string"
|
||||
message:
|
||||
type: "string"
|
||||
description: "a human readable message"
|
||||
start_at:
|
||||
type: "string"
|
||||
scenario_trust:
|
||||
type: "string"
|
||||
scenario_hash:
|
||||
type: "string"
|
||||
scenario:
|
||||
type: "string"
|
||||
alert_id:
|
||||
type: "integer"
|
||||
context:
|
||||
type: "array"
|
||||
nullable: true
|
||||
items:
|
||||
type: "object"
|
||||
properties:
|
||||
value:
|
||||
type: "string"
|
||||
key:
|
||||
type: "string"
|
||||
decisions:
|
||||
$ref: "#/definitions/AddSignalsRequestItemDecisions"
|
||||
stop_at:
|
||||
type: "string"
|
||||
title: "Signal"
|
||||
DecisionsSyncRequest:
|
||||
title: "sync decisions request"
|
||||
type: "array"
|
||||
description: "sync decision model"
|
||||
items:
|
||||
$ref: "#/definitions/DecisionsSyncRequestItem"
|
||||
LoginRequest:
|
||||
type: "object"
|
||||
required:
|
||||
- "machine_id"
|
||||
- "password"
|
||||
properties:
|
||||
password:
|
||||
type: "string"
|
||||
description: "Password, should respect the password policy (link to add)"
|
||||
machine_id:
|
||||
type: "string"
|
||||
description: "machine_id is a (username) generated by crowdsec"
|
||||
minLength: 48
|
||||
maxLength: 48
|
||||
pattern: "^[a-zA-Z0-9]+$"
|
||||
scenarios:
|
||||
type: "array"
|
||||
description: "all scenarios installed"
|
||||
items:
|
||||
type: "string"
|
||||
title: "login request"
|
||||
description: "Login request model"
|
||||
GetDecisionsStreamResponseNewItem:
|
||||
type: "object"
|
||||
required:
|
||||
- "duration"
|
||||
- "origin"
|
||||
- "scenario"
|
||||
- "scope"
|
||||
- "type"
|
||||
- "value"
|
||||
properties:
|
||||
duration:
|
||||
type: "string"
|
||||
scenario:
|
||||
type: "string"
|
||||
origin:
|
||||
type: "string"
|
||||
description: "the origin of the decision : cscli, crowdsec"
|
||||
scope:
|
||||
type: "string"
|
||||
description: "the scope of decision : does it apply to an IP, a range, a username,\
|
||||
\ etc"
|
||||
start_ip:
|
||||
type: "integer"
|
||||
description: "(only relevant for GET ops) when the value is an IP or range,\
|
||||
\ its numeric representation"
|
||||
id:
|
||||
type: "integer"
|
||||
description: "(only relevant for GET ops) the unique id"
|
||||
type:
|
||||
type: "string"
|
||||
description: "the type of decision, might be 'ban', 'captcha' or something\
|
||||
\ custom. Ignored when watcher (cscli/crowdsec) is pushing to APIL."
|
||||
value:
|
||||
type: "string"
|
||||
description: "the value of the decision scope : an IP, a range, a username,\
|
||||
\ etc"
|
||||
end_ip:
|
||||
type: "integer"
|
||||
description: "(only relevant for GET ops) when the value is an IP or range,\
|
||||
\ its numeric representation"
|
||||
title: "Decision"
|
||||
AddSignalsRequestItemDecisionsItem:
|
||||
type: "object"
|
||||
required:
|
||||
- "duration"
|
||||
- "id"
|
||||
- "origin"
|
||||
- "scenario"
|
||||
- "scope"
|
||||
- "type"
|
||||
- "value"
|
||||
properties:
|
||||
duration:
|
||||
type: "string"
|
||||
scenario:
|
||||
type: "string"
|
||||
origin:
|
||||
type: "string"
|
||||
description: "the origin of the decision : cscli, crowdsec"
|
||||
scope:
|
||||
type: "string"
|
||||
description: "the scope of decision : does it apply to an IP, a range, a username,\
|
||||
\ etc"
|
||||
simulated:
|
||||
type: "boolean"
|
||||
until:
|
||||
type: "string"
|
||||
id:
|
||||
type: "integer"
|
||||
description: "(only relevant for GET ops) the unique id"
|
||||
type:
|
||||
type: "string"
|
||||
description: "the type of decision, might be 'ban', 'captcha' or something\
|
||||
\ custom. Ignored when watcher (cscli/crowdsec) is pushing to APIL."
|
||||
value:
|
||||
type: "string"
|
||||
description: "the value of the decision scope : an IP, a range, a username,\
|
||||
\ etc"
|
||||
title: "Decision"
|
||||
EnrollRequest:
|
||||
type: "object"
|
||||
required:
|
||||
- "attachment_key"
|
||||
properties:
|
||||
name:
|
||||
type: "string"
|
||||
description: "The name that will be display in the console for the instance"
|
||||
overwrite:
|
||||
type: "boolean"
|
||||
description: "To force enroll the instance"
|
||||
attachment_key:
|
||||
type: "string"
|
||||
description: "attachment_key is generated in your crowdsec backoffice account\
|
||||
\ and allows you to enroll your machines to your BO account"
|
||||
pattern: "^[a-zA-Z0-9]+$"
|
||||
tags:
|
||||
type: "array"
|
||||
description: "Tags to apply on the console for the instance"
|
||||
items:
|
||||
type: "string"
|
||||
title: "enroll request"
|
||||
description: "enroll request model"
|
||||
ResetPasswordRequest:
|
||||
type: "object"
|
||||
required:
|
||||
- "machine_id"
|
||||
- "password"
|
||||
properties:
|
||||
password:
|
||||
type: "string"
|
||||
description: "Password, should respect the password policy (link to add)"
|
||||
machine_id:
|
||||
type: "string"
|
||||
description: "machine_id is a (username) generated by crowdsec"
|
||||
minLength: 48
|
||||
maxLength: 48
|
||||
pattern: "^[a-zA-Z0-9]+$"
|
||||
title: "resetPassword"
|
||||
description: "ResetPassword request model"
|
||||
MetricsRequestBouncersItem:
|
||||
type: "object"
|
||||
properties:
|
||||
last_pull:
|
||||
type: "string"
|
||||
description: "last bouncer pull date"
|
||||
custom_name:
|
||||
type: "string"
|
||||
description: "bouncer name"
|
||||
name:
|
||||
type: "string"
|
||||
description: "bouncer type (firewall, php...)"
|
||||
version:
|
||||
type: "string"
|
||||
description: "bouncer version"
|
||||
title: "MetricsBouncerInfo"
|
||||
AddSignalsRequestItemSource:
|
||||
type: "object"
|
||||
required:
|
||||
- "scope"
|
||||
- "value"
|
||||
properties:
|
||||
scope:
|
||||
type: "string"
|
||||
description: "the scope of a source : ip,range,username,etc"
|
||||
ip:
|
||||
type: "string"
|
||||
description: "provided as a convenience when the source is an IP"
|
||||
latitude:
|
||||
type: "number"
|
||||
format: "float"
|
||||
as_number:
|
||||
type: "string"
|
||||
description: "provided as a convenience when the source is an IP"
|
||||
range:
|
||||
type: "string"
|
||||
description: "provided as a convenience when the source is an IP"
|
||||
cn:
|
||||
type: "string"
|
||||
value:
|
||||
type: "string"
|
||||
description: "the value of a source : the ip, the range, the username,etc"
|
||||
as_name:
|
||||
type: "string"
|
||||
description: "provided as a convenience when the source is an IP"
|
||||
longitude:
|
||||
type: "number"
|
||||
format: "float"
|
||||
title: "Source"
|
||||
DecisionsSyncRequestItemDecisions:
|
||||
title: "Decisions list"
|
||||
type: "array"
|
||||
items:
|
||||
$ref: "#/definitions/DecisionsSyncRequestItemDecisionsItem"
|
||||
RegisterRequest:
|
||||
type: "object"
|
||||
required:
|
||||
- "machine_id"
|
||||
- "password"
|
||||
properties:
|
||||
password:
|
||||
type: "string"
|
||||
description: "Password, should respect the password policy (link to add)"
|
||||
machine_id:
|
||||
type: "string"
|
||||
description: "machine_id is a (username) generated by crowdsec"
|
||||
pattern: "^[a-zA-Z0-9]+$"
|
||||
title: "register request"
|
||||
description: "Register request model"
|
||||
SuccessResponse:
|
||||
type: "object"
|
||||
required:
|
||||
- "message"
|
||||
properties:
|
||||
message:
|
||||
type: "string"
|
||||
description: "message"
|
||||
title: "success response"
|
||||
description: "success response return by the API"
|
||||
LoginResponse:
|
||||
type: "object"
|
||||
properties:
|
||||
code:
|
||||
type: "integer"
|
||||
expire:
|
||||
type: "string"
|
||||
token:
|
||||
type: "string"
|
||||
title: "login response"
|
||||
description: "Login request model"
|
||||
DecisionsSyncRequestItemDecisionsItem:
|
||||
type: "object"
|
||||
required:
|
||||
- "duration"
|
||||
- "id"
|
||||
- "origin"
|
||||
- "scenario"
|
||||
- "scope"
|
||||
- "type"
|
||||
- "value"
|
||||
properties:
|
||||
duration:
|
||||
type: "string"
|
||||
scenario:
|
||||
type: "string"
|
||||
origin:
|
||||
type: "string"
|
||||
description: "the origin of the decision : cscli, crowdsec"
|
||||
scope:
|
||||
type: "string"
|
||||
description: "the scope of decision : does it apply to an IP, a range, a username,\
|
||||
\ etc"
|
||||
simulated:
|
||||
type: "boolean"
|
||||
until:
|
||||
type: "string"
|
||||
id:
|
||||
type: "integer"
|
||||
description: "(only relevant for GET ops) the unique id"
|
||||
type:
|
||||
type: "string"
|
||||
description: "the type of decision, might be 'ban', 'captcha' or something\
|
||||
\ custom. Ignored when watcher (cscli/crowdsec) is pushing to APIL."
|
||||
value:
|
||||
type: "string"
|
||||
description: "the value of the decision scope : an IP, a range, a username,\
|
||||
\ etc"
|
||||
title: "Decision"
|
||||
GetDecisionsStreamResponse:
|
||||
type: "object"
|
||||
properties:
|
||||
new:
|
||||
$ref: "#/definitions/GetDecisionsStreamResponseNew"
|
||||
deleted:
|
||||
$ref: "#/definitions/GetDecisionsStreamResponseNew"
|
||||
title: "get decisions stream response"
|
||||
description: "get decision response model"
|
||||
DecisionsSyncRequestItemSource:
|
||||
type: "object"
|
||||
required:
|
||||
- "scope"
|
||||
- "value"
|
||||
properties:
|
||||
scope:
|
||||
type: "string"
|
||||
description: "the scope of a source : ip,range,username,etc"
|
||||
ip:
|
||||
type: "string"
|
||||
description: "provided as a convenience when the source is an IP"
|
||||
latitude:
|
||||
type: "number"
|
||||
format: "float"
|
||||
as_number:
|
||||
type: "string"
|
||||
description: "provided as a convenience when the source is an IP"
|
||||
range:
|
||||
type: "string"
|
||||
description: "provided as a convenience when the source is an IP"
|
||||
cn:
|
||||
type: "string"
|
||||
value:
|
||||
type: "string"
|
||||
description: "the value of a source : the ip, the range, the username,etc"
|
||||
as_name:
|
||||
type: "string"
|
||||
description: "provided as a convenience when the source is an IP"
|
||||
longitude:
|
||||
type: "number"
|
||||
format: "float"
|
||||
title: "Source"
|
||||
AddSignalsRequestItemDecisions:
|
||||
title: "Decisions list"
|
||||
type: "array"
|
||||
items:
|
||||
$ref: "#/definitions/AddSignalsRequestItemDecisionsItem"
|
||||
MetricsRequestMachinesItem:
|
||||
type: "object"
|
||||
properties:
|
||||
last_update:
|
||||
type: "string"
|
||||
description: "last agent update date"
|
||||
name:
|
||||
type: "string"
|
||||
description: "agent name"
|
||||
last_push:
|
||||
type: "string"
|
||||
description: "last agent push date"
|
||||
version:
|
||||
type: "string"
|
||||
description: "agent version"
|
||||
title: "MetricsAgentInfo"
|
||||
MetricsRequest:
|
||||
type: "object"
|
||||
required:
|
||||
- "bouncers"
|
||||
- "machines"
|
||||
properties:
|
||||
bouncers:
|
||||
type: "array"
|
||||
items:
|
||||
$ref: "#/definitions/MetricsRequestBouncersItem"
|
||||
machines:
|
||||
type: "array"
|
||||
items:
|
||||
$ref: "#/definitions/MetricsRequestMachinesItem"
|
||||
title: "metrics"
|
||||
description: "push metrics model"
|
||||
ErrorResponse:
|
||||
type: "object"
|
||||
required:
|
||||
- "message"
|
||||
properties:
|
||||
message:
|
||||
type: "string"
|
||||
description: "Error message"
|
||||
errors:
|
||||
type: "string"
|
||||
description: "more detail on individual errors"
|
||||
title: "error response"
|
||||
description: "error response return by the API"
|
||||
AddSignalsRequest:
|
||||
title: "add signals request"
|
||||
type: "array"
|
||||
description: "All signals request model"
|
||||
items:
|
||||
$ref: "#/definitions/AddSignalsRequestItem"
|
||||
DecisionsDeleteRequestItem:
|
||||
type: "string"
|
||||
title: "decisionsIDs"
|
||||
GetDecisionsStreamResponseNew:
|
||||
title: "Decisions list"
|
||||
type: "array"
|
||||
items:
|
||||
$ref: "#/definitions/GetDecisionsStreamResponseNewItem"
|
19
pkg/cti/cticlient.go
Normal file
19
pkg/cti/cticlient.go
Normal file
|
@ -0,0 +1,19 @@
|
|||
package cti
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
)
|
||||
|
||||
const CTIBaseURL = "https://cti.api.crowdsec.net/v2"
|
||||
|
||||
// NewCTIClient creates a new CTI client with the correct URL and any required configuration.
|
||||
func NewCTIClient(apiKey string, opts ...ClientOption) (*ClientWithResponses, error) {
|
||||
provider, err := NewAPIKeyProvider(apiKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create API key provider: %w", err)
|
||||
}
|
||||
|
||||
opts = append(opts, WithRequestEditorFn(provider.Intercept))
|
||||
|
||||
return NewClientWithResponses(CTIBaseURL, opts...)
|
||||
}
|
|
@ -1,112 +1,112 @@
|
|||
openapi: 3.0.1
|
||||
openapi: "3.0.1"
|
||||
info:
|
||||
description: CTI by Crowdsec
|
||||
version: 2022-02-16T14:00:00
|
||||
title: CTI v2
|
||||
description: "CTI by Crowdsec"
|
||||
version: "2022-02-16T14:00:00"
|
||||
title: "CTI v2"
|
||||
contact:
|
||||
name: Crowdsec team
|
||||
url: https://github.com/crowdsecurity/crowdsec
|
||||
email: support@crowdsec.net
|
||||
name: "Crowdsec team"
|
||||
url: "https://github.com/crowdsecurity/crowdsec"
|
||||
email: "support@crowdsec.net"
|
||||
externalDocs:
|
||||
description: CTI Documentation
|
||||
url: https://docs.crowdsec.net/docs/next/cti_api/intro/
|
||||
servers:
|
||||
- url: https://cti.api.crowdsec.net/v2
|
||||
- url: "https://cti.api.crowdsec.net/v2"
|
||||
paths:
|
||||
/smoke:
|
||||
get:
|
||||
description: Search for CTI informations
|
||||
summary: Search for CTI informations
|
||||
description: "Search for CTI informations"
|
||||
summary: "Search for CTI informations"
|
||||
security:
|
||||
- api_key: []
|
||||
parameters:
|
||||
- name: ips
|
||||
in: query
|
||||
- name: "ips"
|
||||
in: "query"
|
||||
required: true
|
||||
description: List of IPs to query, separated by comma
|
||||
example: 0.0.0.0,1.1.1.1
|
||||
description: "List of IPs to query, separated by comma"
|
||||
example: "0.0.0.0,1.1.1.1"
|
||||
schema:
|
||||
type: string
|
||||
type: "string"
|
||||
responses:
|
||||
"200":
|
||||
description: 200 response
|
||||
description: "200 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/SearchCTIResponse"
|
||||
"400":
|
||||
description: 400 response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"403":
|
||||
description: 403 response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"404":
|
||||
description: 404 response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"429":
|
||||
description: 429 response
|
||||
description: "400 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"500":
|
||||
description: 500 response
|
||||
description: "500 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"/smoke/{ip}":
|
||||
"403":
|
||||
description: "403 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"404":
|
||||
description: "404 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"429":
|
||||
description: "429 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
/smoke/{ip}:
|
||||
get:
|
||||
description: Get CTI informations about the given IP
|
||||
summary: CTI information on a given IP
|
||||
description: "Get CTI informations about the given IP"
|
||||
summary: "CTI information on a given IP"
|
||||
parameters:
|
||||
- name: ip
|
||||
in: path
|
||||
- name: "ip"
|
||||
in: "path"
|
||||
required: true
|
||||
schema:
|
||||
type: string
|
||||
type: "string"
|
||||
responses:
|
||||
"200":
|
||||
description: 200 response
|
||||
description: "200 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/QueryCTIResponse"
|
||||
"400":
|
||||
description: 400 response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"403":
|
||||
description: 403 response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"404":
|
||||
description: 404 response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"429":
|
||||
description: 429 response
|
||||
description: "400 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"500":
|
||||
description: 500 response
|
||||
description: "500 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"403":
|
||||
description: "403 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"404":
|
||||
description: "404 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"429":
|
||||
description: "429 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
|
@ -115,73 +115,80 @@ paths:
|
|||
- api_key: []
|
||||
/fire:
|
||||
get:
|
||||
description: Get fire CTI informations (IPs belonging to the community-blocklist)
|
||||
summary: Get fire CTI informations (IPs belonging to the community-blocklist)
|
||||
description: "Get fire CTI informations (IPs belonging to the community-blocklist)"
|
||||
summary: "Get fire CTI informations (IPs belonging to the community-blocklist)"
|
||||
security:
|
||||
- api_key: []
|
||||
parameters:
|
||||
- name: page
|
||||
in: query
|
||||
- name: "page"
|
||||
in: "query"
|
||||
required: false
|
||||
description: Number of the page to fetch
|
||||
description: "The page to fetch"
|
||||
example: 1
|
||||
schema:
|
||||
type: number
|
||||
- name: since
|
||||
in: query
|
||||
type: "number"
|
||||
- name: "limit"
|
||||
in: "query"
|
||||
required: false
|
||||
description: Filter records updated since - duration in h (hours), d(days),
|
||||
m(minutes) )
|
||||
example: 3d
|
||||
description: "The number of items to fetch"
|
||||
example: 50
|
||||
schema:
|
||||
type: string
|
||||
type: "number"
|
||||
- name: "since"
|
||||
in: "query"
|
||||
required: false
|
||||
description: "Filter records updated since - duration in h (hours), d(days), m(minutes) )"
|
||||
example: "3d"
|
||||
schema:
|
||||
type: "string"
|
||||
responses:
|
||||
"200":
|
||||
description: 200 response
|
||||
description: "200 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/FireCTIResponse"
|
||||
"400":
|
||||
description: 400 response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"403":
|
||||
description: 403 response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"404":
|
||||
description: 404 response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"429":
|
||||
description: 429 response
|
||||
description: "400 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"500":
|
||||
description: 500 response
|
||||
description: "500 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"403":
|
||||
description: "403 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"404":
|
||||
description: "404 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
"429":
|
||||
description: "429 response"
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/ErrorResponse"
|
||||
|
||||
components:
|
||||
securitySchemes:
|
||||
api_key:
|
||||
type: apiKey
|
||||
name: x-api-key
|
||||
in: header
|
||||
type: "apiKey"
|
||||
name: "x-api-key"
|
||||
in: "header"
|
||||
schemas:
|
||||
CTIObject:
|
||||
title: IP CTI Object
|
||||
type: object
|
||||
title: "IP CTI Object"
|
||||
type: "object"
|
||||
required:
|
||||
- as_name
|
||||
- as_num
|
||||
|
@ -196,21 +203,74 @@ components:
|
|||
- reverse_dns
|
||||
- scores
|
||||
- target_countries
|
||||
- mitre_techniques
|
||||
- cves
|
||||
- background_noise_score
|
||||
- background_noise
|
||||
- attack_details
|
||||
- reputation
|
||||
- ip_range_24
|
||||
- ip_range_24_reputation
|
||||
- ip_range_24_score
|
||||
properties:
|
||||
ip:
|
||||
type: string
|
||||
description: Requested IP
|
||||
example: 1.2.3.4
|
||||
example: "1.2.3.4"
|
||||
reputation:
|
||||
type: string
|
||||
description: The reputation of the IP address
|
||||
example: "malicious"
|
||||
enum:
|
||||
- malicious
|
||||
- suspicious
|
||||
- unknown
|
||||
- known
|
||||
- safe
|
||||
ip_range:
|
||||
type: string
|
||||
description: The range to which the IP belongs
|
||||
example: 1.2.3.0/24
|
||||
example: "1.2.3.0/16"
|
||||
nullable: true
|
||||
ip_range_score:
|
||||
type: number
|
||||
description: The score of the range (ip_range) the IP belongs to. 0 is
|
||||
good/unknown, 5 is worse
|
||||
description: The score of the range (ip_range) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
example: 2
|
||||
enum:
|
||||
- 0
|
||||
- 1
|
||||
- 2
|
||||
- 3
|
||||
- 4
|
||||
- 5
|
||||
ip_range_24:
|
||||
type: string
|
||||
description: The /24 range to which the IP belongs
|
||||
example: "1.2.3.0/24"
|
||||
nullable: true
|
||||
ip_range_24_reputation:
|
||||
type: string
|
||||
description: The /24 range to which the IP belongs
|
||||
nullable: true
|
||||
example: "malicious"
|
||||
enum:
|
||||
- malicious
|
||||
- suspicious
|
||||
- unknown
|
||||
- known
|
||||
- safe
|
||||
ip_range_24_score:
|
||||
type: number
|
||||
description: The score of the /24 range (ip_range_24) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
nullable: true
|
||||
example: 2
|
||||
enum:
|
||||
- 0
|
||||
- 1
|
||||
- 2
|
||||
- 3
|
||||
- 4
|
||||
- 5
|
||||
as_name:
|
||||
type: string
|
||||
description: The autonomous system name to which the IP belongs
|
||||
|
@ -223,10 +283,19 @@ components:
|
|||
nullable: true
|
||||
background_noise_score:
|
||||
type: number
|
||||
description: The background noise score of the IP ranging from 0 to 10 (highly
|
||||
noisy)
|
||||
description: The background noise score of the IP ranging from 0 to 10 (highly noisy)
|
||||
example: 8
|
||||
nullable: true
|
||||
background_noise:
|
||||
type: string
|
||||
description: The background noise level of the IP address
|
||||
example: high
|
||||
nullable: true
|
||||
enum:
|
||||
- low
|
||||
- medium
|
||||
- high
|
||||
- none
|
||||
location:
|
||||
type: object
|
||||
description: Location information about the IP address
|
||||
|
@ -242,7 +311,7 @@ components:
|
|||
example: US
|
||||
nullable: true
|
||||
city:
|
||||
type: string
|
||||
type: "string"
|
||||
description: The associated City of the IP
|
||||
example: New York
|
||||
nullable: true
|
||||
|
@ -269,9 +338,8 @@ components:
|
|||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: The category of the attack, often in the form
|
||||
"protocol-or-scope:attack_type"
|
||||
example: http:scan
|
||||
description: The category of the attack, often in the form "protocol-or-scope:attack_type"
|
||||
example: "http:scan"
|
||||
label:
|
||||
type: string
|
||||
description: Human-friendly description of the category
|
||||
|
@ -279,8 +347,7 @@ components:
|
|||
description:
|
||||
type: string
|
||||
description: Human-friendly description of the category
|
||||
example: IP has been reported for performing actions related to HTTP
|
||||
vulnerability scanning and discovery
|
||||
example: IP has been reported for performing actions related to HTTP vulnerability scanning and discovery
|
||||
references:
|
||||
type: array
|
||||
description: A list of the references for which the IP was see
|
||||
|
@ -290,7 +357,7 @@ components:
|
|||
name:
|
||||
type: string
|
||||
description: The reference, often in the form "list:list_name"
|
||||
example: list:my_list
|
||||
example: "list:my_list"
|
||||
label:
|
||||
type: string
|
||||
description: Human-friendly description of the reference
|
||||
|
@ -304,14 +371,12 @@ components:
|
|||
properties:
|
||||
first_seen:
|
||||
type: string
|
||||
description: Date of the first time this IP was reported. Due to "progressive
|
||||
data degradation", this date might be later than the first time
|
||||
the IP was actually seen
|
||||
example: 2021-03-03T23:00:00
|
||||
description: Date of the first time this IP was reported. Due to "progressive data degradation", this date might be later than the first time the IP was actually seen
|
||||
example: "2021-03-03T23:00:00"
|
||||
last_seen:
|
||||
type: string
|
||||
description: Date of the last time this IP was reported
|
||||
example: 2021-03-03T23:30:00
|
||||
example: "2021-03-03T23:30:00"
|
||||
full_age:
|
||||
type: number
|
||||
description: Delta in days between first seen and today
|
||||
|
@ -325,16 +390,14 @@ components:
|
|||
properties:
|
||||
false_positives:
|
||||
type: array
|
||||
description: A list of false positives tags associated with the IP. Any IP with
|
||||
`false_positives` tags shouldn't be considered as malicious
|
||||
description: A list of false positives tags associated with the IP. Any IP with `false_positives` tags shouldn't be considered as malicious
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: The name of the false positive, often in the form
|
||||
"protocol-or-scope:attack_type"
|
||||
example: seo:crawler
|
||||
description: The name of the false positive, often in the form "protocol-or-scope:attack_type"
|
||||
example: "seo:crawler"
|
||||
label:
|
||||
type: string
|
||||
description: Human-friendly name of the category
|
||||
|
@ -342,20 +405,17 @@ components:
|
|||
description:
|
||||
type: string
|
||||
description: Human-friendly description of the category
|
||||
example: IP belongs to a known SEO crawler and should not be flagged as a
|
||||
threat.
|
||||
example: IP belongs to a known SEO crawler and should not be flagged as a threat.
|
||||
classifications:
|
||||
type: array
|
||||
description: A list of categories associated with the IP. Those data can be
|
||||
sourced from 3rd parties (i.e. tor exit nodes list)
|
||||
description: A list of categories associated with the IP. Those data can be sourced from 3rd parties (i.e. tor exit nodes list)
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: The name of the category, often in the form
|
||||
"protocol-or-scope:attack_type"
|
||||
example: community-blocklist
|
||||
description: The name of the category, often in the form "protocol-or-scope:attack_type"
|
||||
example: "community-blocklist"
|
||||
label:
|
||||
type: string
|
||||
description: Human-friendly name of the category
|
||||
|
@ -373,7 +433,7 @@ components:
|
|||
name:
|
||||
type: string
|
||||
description: The ID of the Mitre technique"
|
||||
example: T1190
|
||||
example: "T1190"
|
||||
label:
|
||||
type: string
|
||||
description: The name of the Mitre technique
|
||||
|
@ -381,8 +441,7 @@ components:
|
|||
description:
|
||||
type: string
|
||||
description: Description of the Mitre technique
|
||||
example: Adversaries may attempt to exploit a weakness in an Internet-facing
|
||||
host or system to initially access a network.
|
||||
example: Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
|
||||
cves:
|
||||
type: array
|
||||
description: A list of CVEs reported for this IP.
|
||||
|
@ -390,8 +449,7 @@ components:
|
|||
type: string
|
||||
attack_details:
|
||||
type: array
|
||||
description: A more exhaustive list of the scenarios for which a given IP was
|
||||
reported
|
||||
description: A more exhaustive list of the scenarios for which a given IP was reported
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
|
@ -413,8 +471,7 @@ components:
|
|||
type: string
|
||||
target_countries:
|
||||
type: object
|
||||
description: The top 10 reports repartition by country about the IP, as a
|
||||
percentage
|
||||
description: The top 10 reports repartition by country about the IP, as a percentage
|
||||
scores:
|
||||
type: object
|
||||
properties:
|
||||
|
@ -490,18 +547,16 @@ components:
|
|||
total:
|
||||
type: number
|
||||
description: Last month score
|
||||
|
||||
FireIPCTIResponse:
|
||||
title: Fire IP CTI Response
|
||||
title: "Fire IP CTI Response"
|
||||
allOf:
|
||||
- $ref: "#/components/schemas/CTIObject"
|
||||
- type: object
|
||||
properties:
|
||||
state:
|
||||
type: string
|
||||
description: "state of the IP in the community blocklist: validated means IP is
|
||||
currently part of community blocklist, refused means it was part
|
||||
of the community blocklist, but was manually purged (ie. false
|
||||
positive)"
|
||||
description: "state of the IP in the community blocklist: validated means IP is currently part of community blocklist, refused means it was part of the community blocklist, but was manually purged (ie. false positive)"
|
||||
enum:
|
||||
- validated
|
||||
- refused
|
||||
|
@ -509,10 +564,10 @@ components:
|
|||
expiration:
|
||||
type: string
|
||||
description: Date at which the IP address expire from the community blocklist
|
||||
example: 2022-03-04T10:00:00
|
||||
example: "2022-03-04T10:00:00"
|
||||
SearchCTIResponse:
|
||||
title: Search CTI Response
|
||||
type: object
|
||||
title: "Search CTI Response"
|
||||
type: "object"
|
||||
required:
|
||||
- items
|
||||
- total
|
||||
|
@ -528,11 +583,11 @@ components:
|
|||
items:
|
||||
$ref: "#/components/schemas/CTIObject"
|
||||
QueryCTIResponse:
|
||||
title: Query IP CTI Response
|
||||
title: "Query IP CTI Response"
|
||||
$ref: "#/components/schemas/CTIObject"
|
||||
FireCTIResponse:
|
||||
title: Fire CTI response
|
||||
type: object
|
||||
title: "Fire CTI response"
|
||||
type: "object"
|
||||
required:
|
||||
- _links
|
||||
- items
|
||||
|
@ -551,7 +606,7 @@ components:
|
|||
properties:
|
||||
href:
|
||||
type: string
|
||||
description: Url of the current result set
|
||||
description: "Url of the current result set"
|
||||
example: https://cti.api.dev.crowdsec.net/v1/fire?page=3&since=4h
|
||||
prev:
|
||||
type: object
|
||||
|
@ -560,7 +615,7 @@ components:
|
|||
properties:
|
||||
href:
|
||||
type: string
|
||||
description: Url of the previous page of result set
|
||||
description: "Url of the previous page of result set"
|
||||
example: https://cti.api.dev.crowdsec.net/v1/fire?page=2&since=4h
|
||||
next:
|
||||
type: object
|
||||
|
@ -569,7 +624,7 @@ components:
|
|||
properties:
|
||||
href:
|
||||
type: string
|
||||
description: Url of the next page of result set
|
||||
description: "Url of the next page of result set"
|
||||
example: https://cti.api.dev.crowdsec.net/v1/fire?page=4&since=4h
|
||||
first:
|
||||
type: object
|
||||
|
@ -579,22 +634,22 @@ components:
|
|||
href:
|
||||
type: string
|
||||
nullable: true
|
||||
description: Url of the first page of result set
|
||||
description: "Url of the first page of result set"
|
||||
example: https://cti.api.dev.crowdsec.net/v1/fire?since=4
|
||||
items:
|
||||
type: array
|
||||
items:
|
||||
$ref: "#/components/schemas/FireIPCTIResponse"
|
||||
ErrorResponse:
|
||||
type: object
|
||||
type: "object"
|
||||
required:
|
||||
- message
|
||||
- "message"
|
||||
properties:
|
||||
message:
|
||||
type: string
|
||||
description: Error message
|
||||
type: "string"
|
||||
description: "Error message"
|
||||
errors:
|
||||
type: string
|
||||
description: More details on individual errors
|
||||
title: Error response
|
||||
description: Error response return by the API
|
||||
type: "string"
|
||||
description: "More details on individual errors"
|
||||
title: "Error response"
|
||||
description: "Error response return by the API"
|
181
pkg/cti/types.go
181
pkg/cti/types.go
|
@ -7,6 +7,98 @@ const (
|
|||
Api_keyScopes = "api_key.Scopes"
|
||||
)
|
||||
|
||||
// Defines values for CTIObjectBackgroundNoise.
|
||||
const (
|
||||
CTIObjectBackgroundNoiseHigh CTIObjectBackgroundNoise = "high"
|
||||
CTIObjectBackgroundNoiseLow CTIObjectBackgroundNoise = "low"
|
||||
CTIObjectBackgroundNoiseMedium CTIObjectBackgroundNoise = "medium"
|
||||
CTIObjectBackgroundNoiseNone CTIObjectBackgroundNoise = "none"
|
||||
)
|
||||
|
||||
// Defines values for CTIObjectIpRange24Reputation.
|
||||
const (
|
||||
CTIObjectIpRange24ReputationKnown CTIObjectIpRange24Reputation = "known"
|
||||
CTIObjectIpRange24ReputationMalicious CTIObjectIpRange24Reputation = "malicious"
|
||||
CTIObjectIpRange24ReputationSafe CTIObjectIpRange24Reputation = "safe"
|
||||
CTIObjectIpRange24ReputationSuspicious CTIObjectIpRange24Reputation = "suspicious"
|
||||
CTIObjectIpRange24ReputationUnknown CTIObjectIpRange24Reputation = "unknown"
|
||||
)
|
||||
|
||||
// Defines values for CTIObjectIpRange24Score.
|
||||
const (
|
||||
CTIObjectIpRange24ScoreN0 CTIObjectIpRange24Score = 0
|
||||
CTIObjectIpRange24ScoreN1 CTIObjectIpRange24Score = 1
|
||||
CTIObjectIpRange24ScoreN2 CTIObjectIpRange24Score = 2
|
||||
CTIObjectIpRange24ScoreN3 CTIObjectIpRange24Score = 3
|
||||
CTIObjectIpRange24ScoreN4 CTIObjectIpRange24Score = 4
|
||||
CTIObjectIpRange24ScoreN5 CTIObjectIpRange24Score = 5
|
||||
)
|
||||
|
||||
// Defines values for CTIObjectIpRangeScore.
|
||||
const (
|
||||
CTIObjectIpRangeScoreN0 CTIObjectIpRangeScore = 0
|
||||
CTIObjectIpRangeScoreN1 CTIObjectIpRangeScore = 1
|
||||
CTIObjectIpRangeScoreN2 CTIObjectIpRangeScore = 2
|
||||
CTIObjectIpRangeScoreN3 CTIObjectIpRangeScore = 3
|
||||
CTIObjectIpRangeScoreN4 CTIObjectIpRangeScore = 4
|
||||
CTIObjectIpRangeScoreN5 CTIObjectIpRangeScore = 5
|
||||
)
|
||||
|
||||
// Defines values for CTIObjectReputation.
|
||||
const (
|
||||
CTIObjectReputationKnown CTIObjectReputation = "known"
|
||||
CTIObjectReputationMalicious CTIObjectReputation = "malicious"
|
||||
CTIObjectReputationSafe CTIObjectReputation = "safe"
|
||||
CTIObjectReputationSuspicious CTIObjectReputation = "suspicious"
|
||||
CTIObjectReputationUnknown CTIObjectReputation = "unknown"
|
||||
)
|
||||
|
||||
// Defines values for FireIPCTIResponseBackgroundNoise.
|
||||
const (
|
||||
FireIPCTIResponseBackgroundNoiseHigh FireIPCTIResponseBackgroundNoise = "high"
|
||||
FireIPCTIResponseBackgroundNoiseLow FireIPCTIResponseBackgroundNoise = "low"
|
||||
FireIPCTIResponseBackgroundNoiseMedium FireIPCTIResponseBackgroundNoise = "medium"
|
||||
FireIPCTIResponseBackgroundNoiseNone FireIPCTIResponseBackgroundNoise = "none"
|
||||
)
|
||||
|
||||
// Defines values for FireIPCTIResponseIpRange24Reputation.
|
||||
const (
|
||||
FireIPCTIResponseIpRange24ReputationKnown FireIPCTIResponseIpRange24Reputation = "known"
|
||||
FireIPCTIResponseIpRange24ReputationMalicious FireIPCTIResponseIpRange24Reputation = "malicious"
|
||||
FireIPCTIResponseIpRange24ReputationSafe FireIPCTIResponseIpRange24Reputation = "safe"
|
||||
FireIPCTIResponseIpRange24ReputationSuspicious FireIPCTIResponseIpRange24Reputation = "suspicious"
|
||||
FireIPCTIResponseIpRange24ReputationUnknown FireIPCTIResponseIpRange24Reputation = "unknown"
|
||||
)
|
||||
|
||||
// Defines values for FireIPCTIResponseIpRange24Score.
|
||||
const (
|
||||
FireIPCTIResponseIpRange24ScoreN0 FireIPCTIResponseIpRange24Score = 0
|
||||
FireIPCTIResponseIpRange24ScoreN1 FireIPCTIResponseIpRange24Score = 1
|
||||
FireIPCTIResponseIpRange24ScoreN2 FireIPCTIResponseIpRange24Score = 2
|
||||
FireIPCTIResponseIpRange24ScoreN3 FireIPCTIResponseIpRange24Score = 3
|
||||
FireIPCTIResponseIpRange24ScoreN4 FireIPCTIResponseIpRange24Score = 4
|
||||
FireIPCTIResponseIpRange24ScoreN5 FireIPCTIResponseIpRange24Score = 5
|
||||
)
|
||||
|
||||
// Defines values for FireIPCTIResponseIpRangeScore.
|
||||
const (
|
||||
FireIPCTIResponseIpRangeScoreN0 FireIPCTIResponseIpRangeScore = 0
|
||||
FireIPCTIResponseIpRangeScoreN1 FireIPCTIResponseIpRangeScore = 1
|
||||
FireIPCTIResponseIpRangeScoreN2 FireIPCTIResponseIpRangeScore = 2
|
||||
FireIPCTIResponseIpRangeScoreN3 FireIPCTIResponseIpRangeScore = 3
|
||||
FireIPCTIResponseIpRangeScoreN4 FireIPCTIResponseIpRangeScore = 4
|
||||
FireIPCTIResponseIpRangeScoreN5 FireIPCTIResponseIpRangeScore = 5
|
||||
)
|
||||
|
||||
// Defines values for FireIPCTIResponseReputation.
|
||||
const (
|
||||
FireIPCTIResponseReputationKnown FireIPCTIResponseReputation = "known"
|
||||
FireIPCTIResponseReputationMalicious FireIPCTIResponseReputation = "malicious"
|
||||
FireIPCTIResponseReputationSafe FireIPCTIResponseReputation = "safe"
|
||||
FireIPCTIResponseReputationSuspicious FireIPCTIResponseReputation = "suspicious"
|
||||
FireIPCTIResponseReputationUnknown FireIPCTIResponseReputation = "unknown"
|
||||
)
|
||||
|
||||
// Defines values for FireIPCTIResponseState.
|
||||
const (
|
||||
Refused FireIPCTIResponseState = "refused"
|
||||
|
@ -22,7 +114,7 @@ type CTIObject struct {
|
|||
AsNum *float32 `json:"as_num"`
|
||||
|
||||
// AttackDetails A more exhaustive list of the scenarios for which a given IP was reported
|
||||
AttackDetails *[]struct {
|
||||
AttackDetails []struct {
|
||||
// Description Human-friendly descriptions of scenarios
|
||||
Description *string `json:"description,omitempty"`
|
||||
|
||||
|
@ -32,7 +124,10 @@ type CTIObject struct {
|
|||
// Name Name of the scenario (see hub.crowdsec.net)
|
||||
Name *string `json:"name,omitempty"`
|
||||
References *[]string `json:"references,omitempty"`
|
||||
} `json:"attack_details,omitempty"`
|
||||
} `json:"attack_details"`
|
||||
|
||||
// BackgroundNoise The background noise level of the IP address
|
||||
BackgroundNoise *CTIObjectBackgroundNoise `json:"background_noise"`
|
||||
|
||||
// BackgroundNoiseScore The background noise score of the IP ranging from 0 to 10 (highly noisy)
|
||||
BackgroundNoiseScore *float32 `json:"background_noise_score"`
|
||||
|
@ -75,7 +170,7 @@ type CTIObject struct {
|
|||
} `json:"classifications"`
|
||||
|
||||
// Cves A list of CVEs reported for this IP.
|
||||
Cves *[]string `json:"cves,omitempty"`
|
||||
Cves []string `json:"cves"`
|
||||
History struct {
|
||||
// DaysAge Delta in days between first and last seen timestamps
|
||||
DaysAge *float32 `json:"days_age,omitempty"`
|
||||
|
@ -96,8 +191,17 @@ type CTIObject struct {
|
|||
// IpRange The range to which the IP belongs
|
||||
IpRange *string `json:"ip_range"`
|
||||
|
||||
// IpRange24 The /24 range to which the IP belongs
|
||||
IpRange24 *string `json:"ip_range_24"`
|
||||
|
||||
// IpRange24Reputation The /24 range to which the IP belongs
|
||||
IpRange24Reputation *CTIObjectIpRange24Reputation `json:"ip_range_24_reputation"`
|
||||
|
||||
// IpRange24Score The score of the /24 range (ip_range_24) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
IpRange24Score *CTIObjectIpRange24Score `json:"ip_range_24_score"`
|
||||
|
||||
// IpRangeScore The score of the range (ip_range) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
IpRangeScore float32 `json:"ip_range_score"`
|
||||
IpRangeScore CTIObjectIpRangeScore `json:"ip_range_score"`
|
||||
|
||||
// Location Location information about the IP address
|
||||
Location struct {
|
||||
|
@ -115,7 +219,7 @@ type CTIObject struct {
|
|||
} `json:"location"`
|
||||
|
||||
// MitreTechniques A list of Mitre Enterprise Techniques associated with the IP.
|
||||
MitreTechniques *[]struct {
|
||||
MitreTechniques []struct {
|
||||
// Description Description of the Mitre technique
|
||||
Description *string `json:"description,omitempty"`
|
||||
|
||||
|
@ -124,7 +228,7 @@ type CTIObject struct {
|
|||
|
||||
// Name The ID of the Mitre technique"
|
||||
Name *string `json:"name,omitempty"`
|
||||
} `json:"mitre_techniques,omitempty"`
|
||||
} `json:"mitre_techniques"`
|
||||
|
||||
// References A list of the references for which the IP was see
|
||||
References []struct {
|
||||
|
@ -138,6 +242,9 @@ type CTIObject struct {
|
|||
Name *string `json:"name,omitempty"`
|
||||
} `json:"references"`
|
||||
|
||||
// Reputation The reputation of the IP address
|
||||
Reputation CTIObjectReputation `json:"reputation"`
|
||||
|
||||
// ReverseDns Reverse dns lookup of the IP
|
||||
ReverseDns *string `json:"reverse_dns"`
|
||||
Scores struct {
|
||||
|
@ -211,6 +318,21 @@ type CTIObject struct {
|
|||
TargetCountries map[string]interface{} `json:"target_countries"`
|
||||
}
|
||||
|
||||
// CTIObjectBackgroundNoise The background noise level of the IP address
|
||||
type CTIObjectBackgroundNoise string
|
||||
|
||||
// CTIObjectIpRange24Reputation The /24 range to which the IP belongs
|
||||
type CTIObjectIpRange24Reputation string
|
||||
|
||||
// CTIObjectIpRange24Score The score of the /24 range (ip_range_24) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
type CTIObjectIpRange24Score float32
|
||||
|
||||
// CTIObjectIpRangeScore The score of the range (ip_range) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
type CTIObjectIpRangeScore float32
|
||||
|
||||
// CTIObjectReputation The reputation of the IP address
|
||||
type CTIObjectReputation string
|
||||
|
||||
// ErrorResponse Error response return by the API
|
||||
type ErrorResponse struct {
|
||||
// Errors More details on individual errors
|
||||
|
@ -255,7 +377,7 @@ type FireIPCTIResponse struct {
|
|||
AsNum *float32 `json:"as_num"`
|
||||
|
||||
// AttackDetails A more exhaustive list of the scenarios for which a given IP was reported
|
||||
AttackDetails *[]struct {
|
||||
AttackDetails []struct {
|
||||
// Description Human-friendly descriptions of scenarios
|
||||
Description *string `json:"description,omitempty"`
|
||||
|
||||
|
@ -265,7 +387,10 @@ type FireIPCTIResponse struct {
|
|||
// Name Name of the scenario (see hub.crowdsec.net)
|
||||
Name *string `json:"name,omitempty"`
|
||||
References *[]string `json:"references,omitempty"`
|
||||
} `json:"attack_details,omitempty"`
|
||||
} `json:"attack_details"`
|
||||
|
||||
// BackgroundNoise The background noise level of the IP address
|
||||
BackgroundNoise *FireIPCTIResponseBackgroundNoise `json:"background_noise"`
|
||||
|
||||
// BackgroundNoiseScore The background noise score of the IP ranging from 0 to 10 (highly noisy)
|
||||
BackgroundNoiseScore *float32 `json:"background_noise_score"`
|
||||
|
@ -308,7 +433,7 @@ type FireIPCTIResponse struct {
|
|||
} `json:"classifications"`
|
||||
|
||||
// Cves A list of CVEs reported for this IP.
|
||||
Cves *[]string `json:"cves,omitempty"`
|
||||
Cves []string `json:"cves"`
|
||||
|
||||
// Expiration Date at which the IP address expire from the community blocklist
|
||||
Expiration *string `json:"expiration,omitempty"`
|
||||
|
@ -332,8 +457,17 @@ type FireIPCTIResponse struct {
|
|||
// IpRange The range to which the IP belongs
|
||||
IpRange *string `json:"ip_range"`
|
||||
|
||||
// IpRange24 The /24 range to which the IP belongs
|
||||
IpRange24 *string `json:"ip_range_24"`
|
||||
|
||||
// IpRange24Reputation The /24 range to which the IP belongs
|
||||
IpRange24Reputation *FireIPCTIResponseIpRange24Reputation `json:"ip_range_24_reputation"`
|
||||
|
||||
// IpRange24Score The score of the /24 range (ip_range_24) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
IpRange24Score *FireIPCTIResponseIpRange24Score `json:"ip_range_24_score"`
|
||||
|
||||
// IpRangeScore The score of the range (ip_range) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
IpRangeScore float32 `json:"ip_range_score"`
|
||||
IpRangeScore FireIPCTIResponseIpRangeScore `json:"ip_range_score"`
|
||||
|
||||
// Location Location information about the IP address
|
||||
Location struct {
|
||||
|
@ -351,7 +485,7 @@ type FireIPCTIResponse struct {
|
|||
} `json:"location"`
|
||||
|
||||
// MitreTechniques A list of Mitre Enterprise Techniques associated with the IP.
|
||||
MitreTechniques *[]struct {
|
||||
MitreTechniques []struct {
|
||||
// Description Description of the Mitre technique
|
||||
Description *string `json:"description,omitempty"`
|
||||
|
||||
|
@ -360,7 +494,7 @@ type FireIPCTIResponse struct {
|
|||
|
||||
// Name The ID of the Mitre technique"
|
||||
Name *string `json:"name,omitempty"`
|
||||
} `json:"mitre_techniques,omitempty"`
|
||||
} `json:"mitre_techniques"`
|
||||
|
||||
// References A list of the references for which the IP was see
|
||||
References []struct {
|
||||
|
@ -374,6 +508,9 @@ type FireIPCTIResponse struct {
|
|||
Name *string `json:"name,omitempty"`
|
||||
} `json:"references"`
|
||||
|
||||
// Reputation The reputation of the IP address
|
||||
Reputation FireIPCTIResponseReputation `json:"reputation"`
|
||||
|
||||
// ReverseDns Reverse dns lookup of the IP
|
||||
ReverseDns *string `json:"reverse_dns"`
|
||||
Scores struct {
|
||||
|
@ -450,6 +587,21 @@ type FireIPCTIResponse struct {
|
|||
TargetCountries map[string]interface{} `json:"target_countries"`
|
||||
}
|
||||
|
||||
// FireIPCTIResponseBackgroundNoise The background noise level of the IP address
|
||||
type FireIPCTIResponseBackgroundNoise string
|
||||
|
||||
// FireIPCTIResponseIpRange24Reputation The /24 range to which the IP belongs
|
||||
type FireIPCTIResponseIpRange24Reputation string
|
||||
|
||||
// FireIPCTIResponseIpRange24Score The score of the /24 range (ip_range_24) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
type FireIPCTIResponseIpRange24Score float32
|
||||
|
||||
// FireIPCTIResponseIpRangeScore The score of the range (ip_range) the IP belongs to. 0 is good/unknown, 5 is worse
|
||||
type FireIPCTIResponseIpRangeScore float32
|
||||
|
||||
// FireIPCTIResponseReputation The reputation of the IP address
|
||||
type FireIPCTIResponseReputation string
|
||||
|
||||
// FireIPCTIResponseState state of the IP in the community blocklist: validated means IP is currently part of community blocklist, refused means it was part of the community blocklist, but was manually purged (ie. false positive)
|
||||
type FireIPCTIResponseState string
|
||||
|
||||
|
@ -467,9 +619,12 @@ type SearchCTIResponse struct {
|
|||
|
||||
// GetFireParams defines parameters for GetFire.
|
||||
type GetFireParams struct {
|
||||
// Page Number of the page to fetch
|
||||
// Page The page to fetch
|
||||
Page *float32 `form:"page,omitempty" json:"page,omitempty"`
|
||||
|
||||
// Limit The number of items to fetch
|
||||
Limit *float32 `form:"limit,omitempty" json:"limit,omitempty"`
|
||||
|
||||
// Since Filter records updated since - duration in h (hours), d(days), m(minutes) )
|
||||
Since *string `form:"since,omitempty" json:"since,omitempty"`
|
||||
}
|
||||
|
|
|
@ -54,11 +54,7 @@ func InitCrowdsecCTI(Key *string, TTL *time.Duration, Size *int, LogLevel *log.L
|
|||
subLogger := clog.WithFields(customLog)
|
||||
ctiLogger = subLogger
|
||||
CrowdsecCTIInitCache(*Size, *TTL)
|
||||
provider, err := cti.NewAPIKeyProvider(CTIApiKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("while creating CTI API key provider: %w", err)
|
||||
}
|
||||
ctiClient, err = cti.NewClientWithResponses("https://cti.api.crowdsec.net/v2/", cti.WithRequestEditorFn(provider.Intercept))
|
||||
ctiClient, err = cti.NewCTIClient(CTIApiKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("while creating CTI client: %w", err)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue